Investigate and document envvar issues with tor-config
The tor-config crate's CfgPath
type uses directories
to look up locations on disk. In conformance with various standards, directories
looks at the environment in order to see where it's supposed to put things.
Back RUSTSEC-2020-0159, everbody hit a different issue with safety and the environment. In this case, the problem was that a crate was calling a C API that looked at the environment, and the environment is not threadsafe in C. I think we're in the clear, but we should check.
We should, at the very least, document that we'll look at the environment here.